Cyber Forensics & Challenges
DISCLAIMER

The issues addressed in this presentation may be controversial. This is for educational and awareness purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions.

Some of this information is from the internet and some from personal experience; it is not meant to hurt anybody, and feedback is welcome.

D3PAK KUMAR

DIGITAL FORENSICS | CYBER INTELLIGENCE

FORENSICS CHALLENGES

AGENDA

FORENSIC GUIDELINES

CHAIN OF CUSTODY

FORENSICS CHALLENGES

ANTI-FORENSICS

WHAT IS FORENSICS

STEPS OF FORENSICS

TOOLS & QUESTIONS

DIGITAL FORENSICS TRENDS

GOOD THINGS IN FORENSICS


SO WHAT IS 4N6?

IF THE COMPANY IS HACKED, WHAT'S YOUR FIRST REACTION?

YOU MEAN:

• Almost Just Doing Data Extraction & Reporting

• Working On Tools

• Good In Malware Analysis

• Data Recovery From Storage Media

• Running Certain Script Programming

• Rooting / Jailbreak Mobile Phones

• …

Digital forensics is the science of examining and analysing digital trace evidence.


DIGITAL FORENSICS STANDARDS & GUIDELINES

• NIST: National Institute of Standards and Technology (CFTT, NSRL, CFReDS)

• NIJ: National Institute of Justice (Several Standards, National Criminal Justice Reference Service)

• IOCE: International Organization on Computer Evidence

• ASCLD/LAB: American Society of Crime Laboratory Directors/Laboratory Accreditation Board

• ASTM: E2678 standard; Guide for Education & Training

• ISO SC 27 CS1: 17025 General requirements for the competence of testing and calibration laboratories

• AES: Audio Engineering Society (Authentication of Analog tape)

• SWGDE & SWGIT: Scientific Working Group on Digital Evidence & Scientific Working Group on Imaging Technology

• ACPO: Association of Chief Police Officers

• DSCI Manual, India (a manual rather than a formal standard)

CHAIN OF CUSTODY

Lack of integrity in the custody process, and the absence of appropriate documentation of it, will not only be detrimental to the cybercrime investigation at trial but will also expose the IOs (investigating officers) to criminal liability under Section 72 of the ITAA 2008.
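The integrity and documentation the slide asks for can be made concrete with an acquisition hash that is logged once and re-checked before every examination. The following is an added illustration, not code from this deck; the JSON-lines log layout, the field names and the sample "image" are all assumptions made here.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so multi-GB disk images never need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def record_custody(log: Path, evidence: Path, action: str, handler: str) -> dict:
    """Append one JSON-lines entry: who did what to which item, when, and its hash."""
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "evidence": evidence.name,
        "action": action,
        "handler": handler,
        "sha256": sha256_file(evidence),
    }
    with log.open("a", encoding="utf-8") as f:
        f.write(json.dumps(entry) + "\n")
    return entry


def verify_custody(log: Path, evidence: Path) -> bool:
    """True only if an 'acquired' entry exists and its hash matches the file now."""
    lines = log.read_text(encoding="utf-8").splitlines()
    entries = [json.loads(line) for line in lines if line.strip()]
    acquired = [e for e in entries
                if e["evidence"] == evidence.name and e["action"] == "acquired"]
    return bool(acquired) and acquired[0]["sha256"] == sha256_file(evidence)


def demo() -> dict:
    """Run on a constructed 'image' in a temp dir: clean verify, then a one-byte change."""
    with tempfile.TemporaryDirectory() as d:
        img, log = Path(d) / "disk01.dd", Path(d) / "custody.jsonl"
        img.write_bytes(b"CONSTRUCTED EVIDENCE IMAGE, NOT REAL DATA\n" * 1000)
        record_custody(log, img, "acquired", "examiner-A")
        clean = verify_custody(log, img)
        with img.open("r+b") as f:  # simulate a single altered byte
            f.seek(0)
            f.write(b"X")
        tampered = verify_custody(log, img)
    return {"clean": clean, "tampered": tampered}
```

Each later handling step (transfer, analysis, return) gets its own entry, so the log shows every hand the item passed through and whether its hash ever changed.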

STANDARDS + TOOLS + _______ = FORENSICS

FORENSIC CHALLENGES


WHICH CYBER SECURITY THREAT ARE YOU "MOST" CONCERNED ABOUT?

• Social Engineering

• Malware

• Data Breach

• Insiders

• DDoS

• Noobs

• Welcome ______ to add your option

BIGGEST CHALLENGES IN DIGITAL FORENSICS

• Encryption

• Cloud Forensics

• Triage

• Legal Challenges

• Growth In Digital Crimes

• Lack Of Resources

• Cross-border Cooperation

• Latest Emerging Technologies

• Lack Of Intelligence

• New Application Artifacts

• SSD Forensics

• Fileless Malware / APT

ANTI-FORENSICS

AWESOME


• Basic Tactics

• Data Hiding / Steganography

• Deleting Data

• Cracked Craps VPN Proxy

• Shells (SIEM web logs)

• Renaming Data Files

• Changing Attributes etc.

• Misinformation / Honeypot

• Tails, Tor

• Live OS

• Hacked WiFi

• Fileless Malware / Overflow Exploits

• Bypassing Concept

• DoD Standards etc.
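Renaming a data file and changing its attributes, two of the basic tactics above, are cheap for the suspect and cheap for the examiner to catch: the file's content signature (magic bytes) does not change with its name. The triage helper below is an added example, not a tool from the deck; the signature table is a small constructed subset and the sample file headers are constructed.

```python
from typing import Dict, List, Optional

# Well-known leading signatures; a real triage table is far longer.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",   # also docx/xlsx/apk containers
    b"MZ": "exe",           # Windows PE
    b"\x7fELF": "elf",
}
# Extensions that legitimately share a signature with another type.
EXTENSION_ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip",
                     "apk": "zip", "dll": "exe", "so": "elf"}


def detect_type(data: bytes) -> Optional[str]:
    """Return the type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def extension_of(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def is_mismatch(name: str, data: bytes) -> bool:
    """True when the content signature is known and disagrees with the extension."""
    kind = detect_type(data)
    if kind is None:
        return False  # unknown content: nothing to compare, leave to other checks
    ext = extension_of(name)
    return EXTENSION_ALIASES.get(ext, ext) != kind


def triage(files: Dict[str, bytes]) -> List[str]:
    """Names of files that look renamed, e.g. a PE executable stored as 'notes.txt'."""
    return [n for n, d in files.items() if is_mismatch(n, d)]


SAMPLE_FILES = {  # constructed headers only, not real evidence
    "report.pdf": b"%PDF-1.7\n%...",
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
    "notes.txt": b"MZ\x90\x00" + b"\x00" * 8,
    "archive.docx": b"PK\x03\x04" + b"\x00" * 8,
    "readme.md": b"# plain text",
}
```

The same check run over a mounted image produces a short list of extension/signature disagreements for the examiner to look at first.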

BLOWSOME

WHAT ARE THESE?

WHAT IS HAPPENING? EXECUTED APPLICATIONS, SYSTEM TRAY?

GOOD THINGS OF TECHNOLOGY

DEEP-WEB / REDDIT, LEAD (SOCIAL NETWORKING), MOBILE FORENSICS

IOT / Sync

COOKIES INTELLIGENCE

GOOD THINGS OF TECHNOLOGY (Cont)

CTI COMMUNITIES, OPEN-SOURCE INTELLIGENCE / GIT

GOOGLE. And the best: Social Engineering

"If you search for "how do I delete my web history", and I find it in your web history, you have failed."


Don’t believe marketing hype

"oh, we spent $$$ in $Vendor product, so we are safe"

Any "tool", regardless of the price, is still a "tool"


IMAGE FORENSICS


SOME BEST TOOLS

Commercial/Proprietary

• Mobile Forensics: UFED, Oxygen, Santoku

• Composite: EnCase, FTK, NUIX, Belkasoft, CyberCheck, Magnet AXIOM, OSForensics

• Write Blocker / Imager: Tableau, AD Triage, FTK Imager, EnCase Imager, dd

Open source / GPL

• Volatility, NirSoft, GRR, DFF, Autopsy / TSK, RegRipper, CAINE distro, Wireshark, JTR, Xplico, NetworkMiner, Splunk, Arsenal Image Mounter, HashMyFiles, Sysinternals, Mimikatz, Metasploit, Git (tools)

For a fuller list: https://d3pakblog.wordpress.com/2016/12/27/computer-forensic-tools/

Career: https://d3pakblog.wordpress.com/2017/07/16/forensics-as-career/

D3pak@Protonmail.com

Resources: www.D3pakblog.wordpress.com

PARSING GOING ON

QUESTIONS